PT-2017-19141 · Uclinux+1 · Uclibc+1

Benjin Liu

Published

2017-06-16

Updated

2019-10-03

CVE-2017-9729

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions uClibc version 0.9.33.2

Description The issue is related to stack exhaustion due to uncontrolled recursion in the check dst limits calc pos 1 function, located in misc/regex/regexec.c, when the software processes a crafted regular expression.

Recommendations For uClibc version 0.9.33.2, consider avoiding the use of crafted regular expressions until a patch is available. As a temporary workaround, restrict the use of the check dst limits calc pos 1 function to minimize the risk of exploitation.

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-674

Related Identifiers

CVE-2017-9729

Affected Products

Debian

Uclibc

PT-2017-19141 · Uclinux+1 · Uclibc+1

CVE-2017-9729

Weakness Enumeration

Related Identifiers

Affected Products

References · 5